I am currently using perfmonitor preprocessor to dump performance stats, and graphing some
of these values through SNMP calls. The documentation on this preprocessor is fairly limited
and doesn't do a good job of explaining what the fields actually mean, or what time frame the
figures are calculated over.

To get those kinds of performance metrics, what fields should I be looking at and how are those
fields measured?


You might try sticking a bounty on this one to get some attention. I'm not sure how feasible it is to get some of the stats you are looking for, but there must be a way to get at least some of them.
– Caleb Apr 15 '11 at 10:26

Suricata is an alternative to Snort, and will actually load up the VRF and EmergingThreat rule sets. It's multithreaded and apparently a lot faster than Snort. My colleague says it has much better Debian packages than Snort does.

There are 2 basic components to Performance Statistics. First, the module actually counts items, such as a stream module counting new streams/sec. Second is a module that collects all these stats and makes them available to the admin somehow (a log, SNMP message, etc.).
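To show the second component at work, here is an added example (not from this thread or from the Snort project) of a small collector that reads the perfmonitor CSV log and recovers the time frame each row covers from consecutive timestamps. It assumes the snort.stats layout (a `#`-prefixed header line naming the columns, then one CSV row per sampling interval whose first column is a Unix epoch time); the sample rows and the column subset below are constructed.

```python
"""Parse a Snort perfmonitor CSV log (snort.stats) and derive the sampling
interval each row covers.

Added example, not from the original thread. Assumes the snort.stats layout:
a '#'-prefixed header line naming the columns, then one CSV row per
sampling interval whose first column ('time') is a Unix epoch timestamp.
The sample data below is constructed, not captured from a real sensor, and
the column subset is an assumption (real files carry many more columns).
"""
import csv

# Constructed sample: three samples written 60 s apart.
SAMPLE_STATS = """\
#time,pkt_drop_percent,wire_mbits_per_sec.realtime,alerts_per_second,kpackets_per_sec.realtime,total_sessions
1302860400,0.000,12.345,0.150,1.720,2310
1302860460,0.012,14.101,0.233,1.955,2402
1302860520,0.000,13.870,0.100,1.901,2388
"""


def parse_perfmon(text):
    """Return (header, rows). Column names come from the '#' line; each
    row is a dict mapping column name -> float."""
    lines = text.splitlines()
    header_line = next(l for l in lines if l.startswith("#"))
    header = header_line.lstrip("#").split(",")
    reader = csv.reader(l for l in lines if l and not l.startswith("#"))
    rows = [dict(zip(header, map(float, r))) for r in reader]
    return header, rows


def sampling_intervals(rows):
    """Seconds covered by each row after the first: the gap between
    consecutive 'time' stamps. The per-second rates in a row are averages
    over that window, so a grapher must use it, not a fixed guess."""
    times = [int(r["time"]) for r in rows]
    return [b - a for a, b in zip(times, times[1:])]


def drop_alerts(rows, threshold_percent):
    """Timestamps of samples where the sensor dropped more than
    threshold_percent of packets: the check a collector would raise via
    SNMP trap or log, since drops mean traffic went uninspected."""
    return [int(r["time"]) for r in rows
            if r["pkt_drop_percent"] > threshold_percent]


if __name__ == "__main__":
    header, rows = parse_perfmon(SAMPLE_STATS)
    print("columns:", header)
    print("intervals (s):", sampling_intervals(rows))
    print("drop alerts at:", drop_alerts(rows, 0.01))
```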